idnits 2.17.1 draft-ietf-softwire-mesh-multicast-14.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 381 has weird spacing: '... |group addre...' == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'SHALL not' in this paragraph: Choosing tunneling technology depends on the policies configured on AFBRs. It is REQUIRED that all AFBRs use the same technology, otherwise some AFBRs SHALL not be able to decapsulate encapsulated packets from other AFBRs that use a different tunneling technology. -- The document date (November 13, 2016) is 2718 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC4301' is defined on line 880, but no explicit reference was found in the text ** Downref: Normative reference to an Informational RFC: RFC 4925 Summary: 1 error (**), 0 flaws (~~), 4 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Softwire WG M. Xu 3 Internet-Draft Y. Cui 4 Intended status: Standards Track J. Wu 5 Expires: May 17, 2017 S. Yang 6 Tsinghua University 7 C. Metz 8 G. Shepherd 9 Cisco Systems 10 November 13, 2016 12 Softwire Mesh Multicast 13 draft-ietf-softwire-mesh-multicast-14 15 Abstract 17 The Internet needs to support IPv4 and IPv6 packets. Both address 18 families and their related protocol suites support multicast of the 19 single-source and any-source varieties. During IPv6 transition, 20 there will be scenarios where a backbone network running one IP 21 address family internally (referred to as internal IP or I-IP) will 22 provide transit services to attached client networks running another 23 IP address family (referred to as external IP or E-IP). It is 24 expected that the I-IP backbone will offer unicast and multicast 25 transit services to the client E-IP networks. 27 Softwire Mesh is a solution providing E-IP unicast and multicast 28 support across an I-IP backbone. This document describes the 29 mechanism for supporting Internet-style multicast across a set of 30 E-IP and I-IP networks supporting softwire mesh. 32 Status of This Memo 34 This Internet-Draft is submitted in full conformance with the 35 provisions of BCP 78 and BCP 79. 37 Internet-Drafts are working documents of the Internet Engineering 38 Task Force (IETF). Note that other groups may also distribute 39 working documents as Internet-Drafts. The list of current Internet- 40 Drafts is at http://datatracker.ietf.org/drafts/current/. 42 Internet-Drafts are draft documents valid for a maximum of six months 43 and may be updated, replaced, or obsoleted by other documents at any 44 time. It is inappropriate to use Internet-Drafts as reference 45 material or to cite them other than as "work in progress." 47 This Internet-Draft will expire on May 17, 2017. 49 Copyright Notice 51 Copyright (c) 2016 IETF Trust and the persons identified as the 52 document authors. All rights reserved. 54 This document is subject to BCP 78 and the IETF Trust's Legal 55 Provisions Relating to IETF Documents 56 (http://trustee.ietf.org/license-info) in effect on the date of 57 publication of this document. Please review these documents 58 carefully, as they describe your rights and restrictions with respect 59 to this document. Code Components extracted from this document must 60 include Simplified BSD License text as described in Section 4.e of 61 the Trust Legal Provisions and are provided without warranty as 62 described in the Simplified BSD License. 64 Table of Contents 66 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 67 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 4 68 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 69 3. Scenarios of Interest . . . . . . . . . . . . . . . . . . . . 6 70 3.1. IPv4-over-IPv6 . . . . . . . . . . . . . . . . . . . . . 6 71 3.2. IPv6-over-IPv4 . . . . . . . . . . . . . . . . . . . . . 7 72 4. IPv4-over-IPv6 Mechanism . . . . . . . . . . . . . . . . . . 9 73 4.1. Mechanism Overview . . . . . . . . . . . . . . . . . . . 9 74 4.2. Group Address Mapping . . . . . . . . . . . . . . . . . . 9 75 4.3. Source Address Mapping . . . . . . . . . . . . . . . . . 10 76 4.4. Routing Mechanism . . . . . . . . . . . . . . . . . . . . 11 77 5. IPv6-over-IPv4 Mechanism . . . . . . . . . . . . . . . . . . 12 78 5.1. Mechanism Overview . . . . . . . . . . . . . . . . . . . 12 79 5.2. Group Address Mapping . . . . . . . . . . . . . . . . . . 12 80 5.3. Source Address Mapping . . . . . . . . . . . . . . . . . 12 81 5.4. Routing Mechanism . . . . . . . . . . . . . . . . . . . . 14 82 6. Control Plane Functions of AFBR . . . . . . . . . . . . . . . 14 83 6.1. E-IP (*,G) State Maintenance . . . . . . . . . . . . . . 14 84 6.2. E-IP (S,G) State Maintenance . . . . . . . . . . . . . . 14 85 6.3. I-IP (S',G') State Maintenance . . . . . . . . . . . . . 15 86 6.4. E-IP (S,G,rpt) State Maintenance . . . . . . . . . . . . 15 87 6.5. Inter-AFBR Signaling . . . . . . . . . . . . . . . . . . 15 88 6.6. SPT Switchover . . . . . . . . . . . . . . . . . . . . . 17 89 6.7. Other PIM Message Types . . . . . . . . . . . . . . . . . 17 90 6.8. Other PIM States Maintenance . . . . . . . . . . . . . . 17 91 7. Data Plane Functions of the AFBR . . . . . . . . . . . . . . 18 92 7.1. Process and Forward Multicast Data . . . . . . . . . . . 18 93 7.2. Selecting a Tunneling Technology . . . . . . . . . . . . 18 94 7.3. TTL . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 95 7.4. Fragmentation . . . . . . . . . . . . . . . . . . . . . . 18 96 8. Packet Format and Translation . . . . . . . . . . . . . . . . 18 97 9. Softwire Mesh Multicast Encapsulation . . . . . . . . . . . . 19 98 10. Security Considerations . . . . . . . . . . . . . . . . . . . 20 99 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 100 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 20 101 12.1. Normative References . . . . . . . . . . . . . . . . . . 20 102 12.2. Informative References . . . . . . . . . . . . . . . . . 21 103 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 21 104 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 21 106 1. Introduction 108 The Internet needs to support IPv4 and IPv6 packets. Both address 109 families and their related protocol suites support multicast of the 110 single-source and any-source varieties. During IPv6 transition, 111 there will be scenarios where a backbone network running one IP 112 address family internally (referred to as internal IP or I-IP) will 113 provide transit services to attached client networks running another 114 IP address family (referred to as external IP or E-IP). 116 One solution is to leverage the multicast functions inherent in the 117 I-IP backbone, to efficiently forward client E-IP multicast packets 118 inside an I-IP core tree, which is rooted at one or more ingress AFBR 119 nodes and branches out to one or more egress AFBR leaf nodes. 121 [RFC4925] outlines the requirements for the softwires mesh scenario 122 and includes support for multicast traffic. It is likely that client 123 E-IP multicast sources and receivers will reside in different client 124 E-IP networks connected to an I-IP backbone network. This requires 125 the client E-IP source-rooted or shared tree to traverse the I-IP 126 backbone network. 128 One method of accomplishing this is to re-use the multicast VPN 129 approach outlined in [RFC6513]. MVPN-like schemes can support the 130 softwire mesh scenario and achieve a "many-to-one" mapping between 131 the E-IP client multicast trees and the transit core multicast trees. 132 The advantage of this approach is that the number of trees in the 133 I-IP backbone network scales less than linearly with the number of 134 E-IP client trees. Corporate enterprise networks and by extension 135 multicast VPNs have been known to run applications that create too 136 many (S,G) states. Aggregation at the edge contains the (S,G) states 137 for customer's VPNs and these need to be maintained by the network 138 operator. The disadvantage of this approach is the possibility of 139 inefficient bandwidth and resource utilization when multicast packets 140 are delivered to a receiving AFBR with no attached E-IP receivers. 142 Internet-style multicast is somewhat different in that the trees are 143 source-rooted and relatively sparse. The need for multicast 144 aggregation at the edge (where many customer multicast trees are 145 mapped into one or more backbone multicast trees) does not exist and 146 to date has not been identified. Thus the need for a basic or closer 147 alignment with E-IP and I-IP multicast procedures emerges. 149 [RFC5565] describes the "Softwire Mesh Framework". This document 150 provides a more detailed description of how one-to-one mapping 151 schemes ([RFC5565], Section 11.1) for IPv6 over IPv4 and IPv4 over 152 IPv6 can be achieved. 154 1.1. Requirements Language 156 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 157 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 158 document are to be interpreted as described in [RFC2119]. 160 2. Terminology 162 Figure 1 shows an example of how a softwire mesh network can support 163 multicast traffic. A multicast source S is located in one E-IP 164 client network, while candidate E-IP group receivers are located in 165 the same or different E-IP client networks that all share a common 166 I-IP transit network. When E-IP sources and receivers are not local 167 to each other, they can only communicate with each other through the 168 I-IP core. There may be several E-IP sources for a single multicast 169 group residing in different client E-IP networks. In the case of 170 shared trees, the E-IP sources, receivers and RPs might be located in 171 different client E-IP networks. In the simplest case, a single 172 operator manages the resources of the I-IP core, although the inter- 173 operator case is also possible and so not precluded. 175 ._._._._. ._._._._. 176 | | | | -------- 177 | E-IP | | E-IP |--|Source S| 178 | network | | network | -------- 179 ._._._._. ._._._._. 180 | | 181 AFBR upstream AFBR 182 | | 183 __+____________________+__ 184 / : : : : \ 185 | : : : : | E-IP Multicast 186 | : I-IP transit core : | packets are forwarded 187 | : : : : | across the I-IP 188 | : : : : | transit core 189 \_._._._._._._._._._._._._./ 190 + + 191 downstream AFBR downstream AFBR 192 | | 193 ._._._._ ._._._._ 194 -------- | | | | -------- 195 |Receiver|-- | E-IP | | E-IP |--|Receiver| 196 -------- |network | |network | -------- 197 ._._._._ ._._._._ 199 Figure 1: Softwire Mesh Multicast Framework 201 Terminology used in this document: 203 o Address Family Border Router (AFBR) - A router interconnecting two 204 or more networks using different IP address families. In the context 205 of softwire mesh multicast, the AFBR runs E-IP and I-IP control 206 planes to maintain E-IP and I-IP multicast states respectively and 207 performs the appropriate encapsulation/decapsulation of client E-IP 208 multicast packets for transport across the I-IP core. An AFBR will 209 act as a source and/or receiver in an I-IP multicast tree. 211 o Upstream AFBR: The AFBR router that is located on the upper reaches 212 of a multicast data flow. 214 o Downstream AFBR: The AFBR router that is located on the lower 215 reaches of a multicast data flow. 217 o I-IP (Internal IP): This refers to IP address family (i.e., either 218 IPv4 or IPv6) that is supported by the core (or backbone) network. 219 An I-IPv6 core network runs IPv6 and an I-IPv4 core network runs 220 IPv4. 222 o E-IP (External IP): This refers to the IP address family (i.e. 223 either IPv4 or IPv6) that is supported by the client network(s) 224 attached to the I-IP transit core. An E-IPv6 client network runs 225 IPv6 and an E-IPv4 client network runs IPv4. 227 o I-IP core tree: A distribution tree rooted at one or more AFBR 228 source nodes and branched out to one or more AFBR leaf nodes. An 229 I-IP core tree is built using standard IP or MPLS multicast signaling 230 protocols operating exclusively inside the I-IP core network. An 231 I-IP core tree is used to forward E-IP multicast packets belonging to 232 E-IP trees across the I-IP core. Another name for an I-IP core tree 233 is multicast or multipoint softwire. 235 o E-IP client tree: A distribution tree rooted at one or more hosts 236 or routers located inside a client E-IP network and branched out to 237 one or more leaf nodes located in the same or different client E-IP 238 networks. 240 o uPrefix64: The /96 unicast IPv6 prefix for constructing an 241 IPv4-embedded IPv6 source address in IPv6-over-IPv4 scenario. 243 o uPrefix46: The /96 unicast IPv6 prefix for constructing an 244 IPv4-embedded IPv6 source address in IPv4-over-IPv6 scenario. 246 o mPrefix46: The /96 multicast IPv6 prefix for constructing an 247 IPv4-embedded IPv6 multicast address in IPv4-over-IPv6 scenario. 249 o Inter-AFBR signaling: A mechanism used by downstream AFBRs to send 250 PIM messages to the upstream AFBR. 252 3. Scenarios of Interest 254 This section describes the two different scenarios that softwires 255 mesh multicast is appliacable to. 257 3.1. IPv4-over-IPv6 258 ._._._._. ._._._._. 259 | IPv4 | | IPv4 | -------- 260 | Client | | Client |--|Source S| 261 | network | | network | -------- 262 ._._._._. ._._._._. 263 | | 264 AFBR upstream AFBR 265 | | 266 __+____________________+__ 267 / : : : : \ 268 | : : : : | 269 | : IPv6 transit core : | 270 | : : : : | 271 | : : : : | 272 \_._._._._._._._._._._._._./ 273 + + 274 downstream AFBR downstream AFBR 275 | | 276 ._._._._ ._._._._ 277 -------- | IPv4 | | IPv4 | -------- 278 |Receiver|-- | Client | | Client |--|Receiver| 279 -------- | network| | network| -------- 280 ._._._._ ._._._._ 282 Figure 2: IPv4-over-IPv6 Scenario 284 In Figure 2, the E-IP client networks run IPv4 and the I-IP core runs 285 IPv6. 287 Because of the much larger IPv6 group address space, the client 288 E-IPv4 tree can be mapped to a specific I-IPv6 core tree. This 289 simplifies operations on the AFBR because it becomes possible to 290 algorithmically map an IPv4 group/source address to an IPv6 group/ 291 source address and vice-versa. 293 The IPv4-over-IPv6 scenario is an emerging requirement as network 294 operators build out native IPv6 backbone networks. These networks 295 support native IPv6 services and applications but in many cases, 296 support for legacy IPv4 unicast and multicast services will also need 297 to be accomodated. 299 3.2. IPv6-over-IPv4 300 ._._._._. ._._._._. 301 | IPv6 | | IPv6 | -------- 302 | Client | | Client |--|Source S| 303 | network | | network | -------- 304 ._._._._. ._._._._. 305 | | 306 AFBR upstream AFBR 307 | | 308 __+____________________+__ 309 / : : : : \ 310 | : : : : | 311 | : IPv4 transit core : | 312 | : : : : | 313 | : : : : | 314 \_._._._._._._._._._._._._./ 315 + + 316 downstream AFBR downstream AFBR 317 | | 318 ._._._._ ._._._._ 319 -------- | IPv6 | | IPv6 | -------- 320 |Receiver|-- | Client | | Client |--|Receiver| 321 -------- | network| | network| -------- 322 ._._._._ ._._._._ 324 Figure 3: IPv6-over-IPv4 Scenario 326 In Figure 3, the E-IP Client Networks run IPv6 while the I-IP core 327 runs IPv4. 329 IPv6 multicast group addresses are longer than IPv4 multicast group 330 addresses so it is not possible to perform an algorithmic IPv6 to 331 IPv4 address mapping without the risk of multiple IPv6 group 332 addresses mapped to the same IPv4 address, resulting in unnecessary 333 bandwidth and resource consumption.Therefore, additional efforts will 334 be required to ensure that client E-IPv6 multicast packets can be 335 injected into the correct I-IPv4 multicast trees at the AFBRs. This 336 clear mismatch in IPv6 and IPv4 group address lengths means that it 337 will not be possible to perform a one-to-one mapping between IPv6 and 338 IPv4 group addresses unless the IPv6 group address is scoped, such as 339 applying a "Well-Known" prefix or an ISP-defined prefix. 341 As mentioned earlier, this scenario is common in the MVPN 342 environment. As native IPv6 deployments and multicast applications 343 emerge from the outer reaches of the greater public IPv4 Internet, it 344 is envisaged that the IPv6 over IPv4 softwire mesh multicast scenario 345 will be a necessary feature supported by network operators. 347 4. IPv4-over-IPv6 Mechanism 349 4.1. Mechanism Overview 351 Routers in the client E-IPv4 networks have routes to all other client 352 E-IPv4 networks. Through PIM messages, E-IPv4 hosts and routers have 353 discovered or learnt of (S,G) or (*,G) IPv4 addresses. Any I-IPv6 354 multicast state instantiated in the core is referred to as (S',G') or 355 (*,G') and is certainly separated from E-IPv4 multicast state. 357 Suppose a downstream AFBR receives an E-IPv4 PIM Join/Prune message 358 from the E-IPv4 network for either an (S,G) tree or a (*,G) tree. 359 The AFBR can translate the E-IPv4 PIM message into an I-IPv6 PIM 360 message with the latter being directed towards the I-IP IPv6 address 361 of the upstream AFBR. When the I-IPv6 PIM message arrives at the 362 upstream AFBR, it MUST be translated back into an E-IPv4 PIM message. 363 The result of these actions is the construction of E-IPv4 trees and a 364 corresponding I-IP tree in the I-IP network. An example of the 365 packet format and traslation is provided in Section 8. 367 In this case, it is incumbent upon the AFBR routers to perform PIM 368 message conversions in the control plane and IP group address 369 conversions or mappings in the data plane. The AFBRs perform an 370 algorithmic, one-to-one mapping of IPv4-to-IPv6. 372 4.2. Group Address Mapping 374 For the IPv4-over-IPv6 scenario, a simple algorithmic mapping between 375 IPv4 multicast group addresses and IPv6 group addresses is performed. 376 Figure 4 shows the reminder of the format: 378 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 379 | 0-------------32--40--48--56--64--72--80--88--96-----------127| 380 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 381 | mPrefix46 |group address | 382 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 384 Figure 4: IPv4-Embedded IPv6 Multicast Address Format 386 An IPv6 multicast prefix (mPrefix46) is assigned to each AFBR. AFBRs 387 will prepend the prefix to an IPv4 multicast group address when 388 translating it to an IPv6 multicast group address. 390 The mPrefix46 for SSM mode is also defined in Section 4.1 of 391 [RFC7371] 392 With this scheme, each IPv4 multicast address can be mapped into an 393 IPv6 multicast address (with the assigned prefix), and each IPv6 394 multicast address with the assigned prefix can be mapped into an IPv4 395 multicast address. 397 4.3. Source Address Mapping 399 There are two kinds of multicast: ASM and SSM. Considering that I-IP 400 network and E-IP network may support different kinds of multicast, 401 the source address translation rules needed to support all possible 402 scenarios may become very complex. But since SSM can be implemented 403 with a strict subset of the PIM-SM protocol mechanisms [RFC7761], we 404 can treat the I-IP core as SSM-only to make it as simple as possible. 405 There then remain only two scenarios to be discussed in detail: 407 o E-IP network supports SSM 409 One possible way to make sure that the translated I-IPv6 PIM 410 message reaches upstream AFBR is to set S' to a virtual IPv6 411 address that leads to the upstream AFBR. Figure 5 is the 412 recommended address format based on [RFC6052]: 414 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 415 | 0-------------32--40--48--56--64--72--80--88--96-----------127| 416 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 417 | prefix |v4(32) | u | suffix |source address | 418 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 419 |<------------------uPrefix46------------------>| 421 Figure 5: IPv4-Embedded IPv6 Virtual Source Address Format 423 In this address format, 425 * The "prefix" field contains a "Well-Known" prefix or an ISP- 426 defined prefix. An existing "Well-Known" prefix is 64:ff9b, 427 which is defined in [RFC6052]; 429 * The "v4" field is the IP address of one of upstream AFBR's 430 E-IPv4 interfaces; 432 * The "u" field is defined in [RFC4291], and MUST be set to zero; 434 * The "suffix" field is reserved for future extensions and SHOULD 435 be set to zero; 437 * The "source address" field stores the original S. 439 We call the overall /96 prefix ("prefix" field and "v4" field and 440 "u" field and "suffix" field altogether) "uPrefix46". 442 o E-IP network supports ASM 444 The (S,G) source list entry and the (*,G) source list entry only 445 differ in that the latter has both the WC and RPT bits of the 446 Encoded-Source-Address set, while the former is all cleared (See 447 Section 4.9.5.1 of [RFC7761]). So we can translate source list 448 entries in (*,G) messages into source list entries in (S'G') 449 messages by applying the format specified in Figure 5 and clearing 450 both the WC and RPT bits at downstream AFBRs, and vice-versa for 451 the reverse translation at upstream AFBRs. 453 4.4. Routing Mechanism 455 In the mesh multicast scenario, routing information is REQUIRED to be 456 distributed among AFBRs to make sure that the PIM messages that a 457 downstream AFBR propagates reach the right upstream AFBR. 459 Every AFBR MUST know the /32 prefix in "IPv4-Embedded IPv6 Virtual 460 Source Address Format". To achieve this, every AFBR should announce 461 one of its E-IPv4 interfaces in the "v4" field, and the corresponding 462 uPrefix46. The announcement SHOULD be sent to the other AFBRs 463 through MBGP. Since every IP address of upstream AFBR's E-IPv4 464 interface is different from each other, every uPrefix46 that AFBR 465 announces MUST be different, and uniquely identifies each AFBR. 466 "uPrefix46" is an IPv6 prefix, and the distribution mechanism is the 467 same as the traditional mesh unicast scenario. But "v4" field is an 468 E-IPv4 address, and BGP messages are NOT tunneled through softwires 469 or any other mechanism specified in [RFC5565], AFBRs MUST be able to 470 transport and encode/decode BGP messages that are carried over 471 I-IPv6, whose NLRI and NH are of E-IPv4 address family. 473 In this way, when a downstream AFBR receives an E-IPv4 PIM (S,G) 474 message, it can translate this message into (S',G') by looking up the 475 IP address of the corresponding AFBR's E-IPv4 interface. Since the 476 uPrefix46 of S' is unique, and is known to every router in the I-IPv6 477 network, the translated message will be forwarded to the 478 corresponding upstream AFBR, and the upstream AFBR can translate the 479 message back to (S,G). When a downstream AFBR receives an E-IPv4 PIM 480 (*,G) message, S' can be generated according to the format specified 481 in Figure 4, with "source address" field set to *(the IPv4 address of 482 RP). The translated message will be forwarded to the corresponding 483 upstream AFBR. Since every PIM router within a PIM domain MUST be 484 able to map a particular multicast group address to the same RP (see 485 Section 4.7 of [RFC7761]), when the upstream AFBR checks the "source 486 address" field of the message, it finds the IPv4 address of the RP, 487 and assertains that this is originally a (*,G) message. This is then 488 translated back to the (*,G) message and processed. 490 5. IPv6-over-IPv4 Mechanism 492 5.1. Mechanism Overview 494 Routers in the client E-IPv6 networks contain routes to all other 495 client E-IPv6 networks. Through PIM messages, E-IPv6 hosts and 496 routers have discovered or learnt of (S,G) or (*,G) IPv6 addresses. 497 Any I-IP multicast state instantiated in the core is referred to as 498 (S',G') or (*,G') and is separated from E-IP multicast state. 500 This particular scenario introduces unique challenges. Unlike the 501 IPv4-over-IPv6 scenario, it is impossible to map all of the IPv6 502 multicast address space into the IPv4 address space to address the 503 one-to-one Softwire Multicast requirement. To coordinate with the 504 "IPv4-over-IPv6" scenario and keep the solution as simple as 505 possible, one possible solution to this problem is to limit the scope 506 of the E-IPv6 source addresses for mapping, such as applying a "Well- 507 Known" prefix or an ISP-defined prefix. 509 5.2. Group Address Mapping 511 To keep one-to-one group address mapping simple, the group address 512 range of E-IP IPv6 can be reduced in a number of ways to limit the 513 scope of addresses that need to be mapped into the I-IP IPv4 space. 515 For example, the high order bits of the E-IPv6 address range will be 516 fixed for mapping purposes. With this scheme, each IPv4 multicast 517 address can be mapped into an IPv6 multicast address (with the 518 assigned prefix), and each IPv6 multicast address with the assigned 519 prefix can be mapped into an IPv4 multicast address. 521 5.3. Source Address Mapping 523 There are two kinds of multicast --- ASM and SSM. Considering that 524 I-IP network and E-IP network may support different kind of 525 multicast, the source address translation rules needed to support all 526 possible scenarios may become very complex. But since SSM can be 527 implemented with a strict subset of the PIM-SM protocol mechanisms 528 [RFC7761], we can treat the I-IP core as SSM-only to make it as 529 simple as possible. There then remain only two scenarios to be 530 discussed in detail: 532 o E-IP network supports SSM 534 To make sure that the translated I-IPv4 PIM message reaches the 535 upstream AFBR, we need to set S' to an IPv4 address that leads to 536 the upstream AFBR. But due to the non-"one-to-one" mapping of 537 E-IPv6 to I-IPv4 unicast address, the upstream AFBR is unable to 538 remap the I-IPv4 source address to the original E-IPv6 source 539 address without any constraints. 541 We apply a fixed IPv6 prefix and static mapping to solve this 542 problem. A recommended source address format is defined in 543 [RFC6052]. Figure 6 is the reminder of the format: 545 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 546 | 0-------------32--40--48--56--64--72--80--88--96-----------127| 547 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 548 | uPrefix64 |source address | 549 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 551 Figure 6: IPv4-Embedded IPv6 Source Address Format 553 In this address format, the "uPrefix64" field starts with a "Well- 554 Known" prefix or an ISP-defined prefix. An existing "Well-Known" 555 prefix is 64:ff9b/32, which is defined in [RFC6052]; The "source 556 address" field is the corresponding I-IPv4 source address. 558 o The E-IP network supports ASM 560 The (S,G) source list entry and the (*,G) source list entry only 561 differ in that the latter has both the WC and RPT bits of the 562 Encoded-Source-Address set, while the former is all cleared (See 563 Section 4.9.5.1 of [RFC7761]). So we can translate source list 564 entries in (*,G) messages into source list entries in (S',G') 565 messages by applying the format specified in Figure 5 and setting 566 both the WC and RPT bits at downstream AFBRs, and vice-versa for 567 the reverse translation at upstream AFBRs. Here, the E-IPv6 568 address of RP MUST follow the format specified in Figure 6. RP' 569 is the upstream AFBR that locates between RP and the downstream 570 AFBR. 572 5.4. Routing Mechanism 574 In the mesh multicast scenario, routing information is REQUIRED to be 575 distributed among AFBRs to make sure that PIM messages that a 576 downstream AFBR propagates reach the right upstream AFBR. 578 To make it feasible, the /96 uPrefix64 MUST be known to every AFBR, 579 every E-IPv6 address of sources that support mesh multicast MUST 580 follow the format specified in Figure 6, and the corresponding 581 upstream AFBR of this source MUST announce the I-IPv4 address in 582 "source address" field of this source's IPv6 address to the I-IPv4 583 network. Since uPrefix64 is static and unique in IPv6-over-IPv4 584 scenario, there is no need to distribute it using BGP. The 585 distribution of "source address" field of multicast source addresses 586 is a pure I-IPv4 process and no more specification is needed. 588 In this way, when a downstream AFBR receives a (S,G) message, it can 589 translate the message into (S',G') by simply taking off the prefix in 590 S. Since S' is known to every router in I-IPv4 network, the 591 translated message will be forwarded to the corresponding upstream 592 AFBR, and the upstream AFBR can translate the message back to (S,G) 593 by appending the prefix to S'. When a downstream AFBR receives a 594 (*,G) message, it can translate it into (S',G') by simply taking off 595 the prefix in *(the E-IPv6 address of RP). Since S' is known to 596 every router in I-IPv4 network, the translated message will be 597 forwarded to RP'. And since every PIM router within a PIM domain 598 MUST be able to map a particular multicast group address to the same 599 RP (see Section 4.7 of [RFC7761]), RP' knows that S' is the mapped 600 I-IPv4 address of RP, so RP' will translate the message back to (*,G) 601 by appending the prefix to S' and propagate it towards RP. 603 6. Control Plane Functions of AFBR 605 AFBRs are responsible for the following functions: 607 6.1. E-IP (*,G) State Maintenance 609 When an AFBR wishes to propagate a Join/Prune(*,G) message to an I-IP 610 upstream router, the AFBR MUST translate Join/Prune(*,G) messages 611 into Join/Prune(S',G') messages following the rules specified above, 612 then send the latter. 614 6.2. E-IP (S,G) State Maintenance 616 When an AFBR wishes to propagate a Join/Prune(S,G) message to an I-IP 617 upstream router, the AFBR MUST translate Join/Prune(S,G) messages 618 into Join/Prune(S',G') messages following the rules specified above, 619 then send the latter. 621 6.3. I-IP (S',G') State Maintenance 623 It is possible that the I-IP transit core runs another non-transit 624 I-IP PIM-SSM instance. Since the translated source address starts 625 with the unique "Well-Known" prefix or the ISP-defined prefix that 626 SHOULD NOT be used by other service provider, mesh multicast will not 627 influence non-transit PIM-SSM multicast at all. When an AFBR 628 receives an I-IP (S',G') message, it MUST check S'. If S' starts 629 with the unique prefix, then the message is actually a translated 630 E-IP (S,G) or (*,G) message, and the AFBR MUST translate this message 631 back to E-IP PIM message and process it. 633 6.4. E-IP (S,G,rpt) State Maintenance 635 When an AFBR wishes to propagate a Join/Prune(S,G,rpt) message to an 636 I-IP upstream router, the AFBR MUST operate as specified in 637 Section 6.5 and Section 6.6. 639 6.5. Inter-AFBR Signaling 641 Assume that one downstream AFBR has joined a RPT of (*,G) and a SPT 642 of (S,G), and decide to perform a SPT switchover. According to 643 [RFC7761], it SHOULD propagate a Prune(S,G,rpt) message along with 644 the periodical Join(*,G) message upstream towards RP. However, 645 routers in the I-IP transit core do not process (S,G,rpt) messages 646 since the I-IP transit core is treated as SSM-only. As a result, the 647 downstream AFBR is unable to prune S from this RPT, so it will 648 receive two copies of the same data of (S,G). In order to solve this 649 problem, we introduce a new mechanism for downstream AFBRs to inform 650 upstream AFBRs of pruning any given S from an RPT. 652 When a downstream AFBR wishes to propagate a (S,G,rpt) message 653 upstream, it SHOULD encapsulate the (S,G,rpt) message, then send the 654 encapsulated unicast message to the corresponding upstream AFBR, 655 which we call "RP'". 657 When RP' receives this encapsulated message, it SHOULD decapsulate 658 the message as in the unicast scenario, and retrieve the original 659 (S,G,rpt) message. The incoming interface of this message may be 660 different to the outgoing interface which propagates multicast data 661 to the corresponding downstream AFBR, and there may be other 662 downstream AFBRs that need to receive multicast data of (S,G) from 663 this incoming interface, so RP' SHOULD NOT simply process this 664 message as specified in [RFC7761] on the incoming interface. 666 To solve this problem as simply as possible, we introduce an 667 "interface agent" to process all the encapsulated (S,G,rpt) messages 668 the upstream AFBR receives, and prune S from the RPT of group G when 669 no downstream AFBR is subscribed to receive multicast data of (S,G) 670 along the RPT. In this way, we ensure that downstream AFBRs will not 671 miss any multicast data that they need, at the cost of duplicated 672 multicast data of (S,G) along the RPT received by SPT-switched-over 673 downstream AFBRs, if at least one downstream AFBR exists that has not 674 yet sent Prune(S,G,rpt) messages to the upstream AFBR. The following 675 diagram shows an example of how an "interface agent" MAY be 676 implemented: 678 +----------------------------------------+ 679 | | 680 | +-----------+----------+ | 681 | | PIM-SM | UDP | | 682 | +-----------+----------+ | 683 | ^ | | 684 | | | | 685 | | v | 686 | +----------------------+ | 687 | | I/F Agent | | 688 | +----------------------+ | 689 | PIM ^ | multicast | 690 | messages | | data | 691 | | +-------------+---+ | 692 | +--+--|-----------+ | | 693 | | v | v | 694 | +--------- + +----------+ | 695 | | I-IP I/F | | I-IP I/F | | 696 | +----------+ +----------+ | 697 | ^ | ^ | | 698 | | | | | | 699 +--------|-----|----------|-----|--------+ 700 | v | v 702 Figure 7: Interface Agent Implementation Example 704 Figure 7 shows an example of interface agent implementation using UDP 705 encapsulation. The interface agent has two responsibilities: In the 706 control plane, it SHOULD work as a real interface that has joined 707 (*,G), representing of all the I-IP interfaces which are outgoing 708 interfaces of the (*,G) state machine, and process the (S,G,rpt) 709 messages received from all the I-IP interfaces. The interface agent 710 maintains downstream (S,G,rpt) state machines of every downstream 711 AFBR, and submits Prune (S,G,rpt) messages to the PIM-SM module only 712 when every (S,G,rpt) state machine is at Prune(P) or PruneTmp(P') 713 state, which means that no downstream AFBR is subscribed to receive 714 multicast data of (S,G) along the RPT of G. Once a (S,G,rpt) state 715 machine changes to NoInfo(NI) state, which means that the 716 corresponding downstream AFBR has switched to receive multicast data 717 of (S,G) along the RPT again, the interface agent SHOULD send a Join 718 (S,G,rpt) to the PIM-SM module immediately; In the data plane, upon 719 receiving a multicast data packet, the interface agent SHOULD 720 encapsulate it at first, then propagate the encapsulated packet from 721 every I-IP interface. 723 NOTICE: It is possible that an E-IP neighbor of RP' that has joined 724 the RPT of G, so the per-interface state machine for receiving E-IP 725 Join/Prune (S,G,rpt) messages SHOULD keep alive. 727 6.6. SPT Switchover 729 After a new AFBR expresses its interest in receiving traffic destined 730 for a multicast group, it will receive all the data from the RPT at 731 first. At this time, every downstream AFBR will receive multicast 732 data from any source from this RPT, in spite of whether they have 733 switched over to an SPT of some source(s) or not. 735 To minimize this redundancy, it is recommended that every AFBR's 736 SwitchToSptDesired(S,G) function employs the "switch on first packet" 737 policy. In this way, the delay in switchover to SPT is kept as small 738 as possible, and after the moment that every AFBR has performed the 739 SPT switchover for every S of group G, no data will be forwarded in 740 the RPT of G, thus no more redundancy will be produced. 742 6.7. Other PIM Message Types 744 Apart from Join or Prune, other message types exist, including 745 Register, Register-Stop, Hello and Assert. Register and Register- 746 Stop messages are sent by unicast, while Hello and Assert messages 747 are only used between directly linked routers to negotiate with each 748 other. It is not necessary to translate these for forwarding, thus 749 the processing of these messages is out of scope for this document. 751 6.8. Other PIM States Maintenance 753 Apart from states mentioned above, other states exist, including 754 (*,*,RP) and I-IP (*,G') state. Since we treat the I-IP core as SSM- 755 only, the maintenance of these states is out of scope for this 756 document. 758 7. Data Plane Functions of the AFBR 760 7.1. Process and Forward Multicast Data 762 On receiving multicast data from upstream routers, the AFBR checks 763 its forwarding table to find the IP address of each outgoing 764 interface. If there is at least one outgoing interface whose IP 765 address family is different from the incoming interface, the AFBR 766 MUST encapsulate/decapsulate this packet and forward it via the 767 outgoing interface(s), then forward the data via other outgoing 768 interfaces without encapsulation/decapsulation. 770 When a downstream AFBR that has already switched over to the SPT of S 771 receives an encapsulated multicast data packet of (S,G) along the 772 RPT, it SHOULD silently drop this packet. 774 7.2. Selecting a Tunneling Technology 776 Choosing tunneling technology depends on the policies configured on 777 AFBRs. It is REQUIRED that all AFBRs use the same technology, 778 otherwise some AFBRs SHALL not be able to decapsulate encapsulated 779 packets from other AFBRs that use a different tunneling technology. 781 7.3. TTL 783 Processing of TTL depends on the tunneling technology, and it is out 784 of scope of this document. 786 7.4. Fragmentation 788 The encapsulation performed by an upstream AFBR will increase the 789 size of packets. As a result, the outgoing I-IP link MTU may not 790 accommodate the larger packet size. As it is not always possible for 791 core operators to increase the MTU of every link. Fragmentation 792 after encapsulation and reassembling of encapsulated packets MUST be 793 supported by AFBRs [RFC5565]. 795 8. Packet Format and Translation 797 Because the PIM-SM Specification is independent of the underlying 798 unicast routing protocol, the packet format in Section 4.9 of 799 [RFC7761] remains the same, except that the group address and source 800 address MUST be translated when traversing AFBR. 802 For example, Figure 8 shows the register-stop message format in IPv4 803 and IPv6 address family. 805 0 1 2 3 806 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 807 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 808 |PIM Ver| Type | Reserved | Checksum | 809 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 810 | IPv4 Group Address (Encoded-Group format) | 811 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 812 | IPv4 Source Address (Encoded-Unicast format) | 813 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 814 (1). IPv4 Register-Stop Message Format 816 0 1 2 3 817 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 818 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 819 |PIM Ver| Type | Reserved | Checksum | 820 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 821 | IPv6 Group Address (Encoded-Group format) | 822 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 823 | IPv6 Source Address (Encoded-Unicast format) | 824 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 825 (2). IPv6 Register-Stop Message Format 827 Figure 8: Register-Stop Message Format 829 In Figure 8, the semantics of fields "PIM Ver", "Type", "Reserved", 830 and "Checksum" remain the same. 832 IPv4 Group Address (Encoded-Group format): The encoded-group format 833 of the IPv4 group address described in Section 4.2 and 5.2. 835 IPv4 Source Address (Encoded-Group format): The encoded-unicast 836 format of the IPv4 source address described in Section 4.3 and 5.3. 838 IPv6 Group Address (Encoded-Group format): The encoded-group format 839 of the IPv6 group address described in Section 4.2 and 5.2. 841 IPv6 Source Address (Encoded-Group format): The encoded-unicast 842 format of the IPv6 source address described in Section 4.3 and 5.3. 844 9. Softwire Mesh Multicast Encapsulation 846 Softwire mesh multicast encapsulation does not require the use of any 847 one particular encapsulation mechanism. Rather, it must accommodate 848 a variety of different encapsulation mechanisms, and allow the use of 849 encapsulation mechanisms mentioned in [RFC4925]. Additionally, all 850 of the AFBRs attached to the I-IP network MUST implement the same 851 encapsulation mechanism. 853 10. Security Considerations 855 The security concerns raised in [RFC4925] and [RFC7761] are 856 applicable here. In addition, the additional workload associated 857 with some schemes could be exploited by an attacker to perform a out 858 DDoS attack. Compared with [RFC4925], the security concerns SHOULD 859 be considered more carefully: an attacker could potentially set up 860 many multicast trees in the edge networks, causing too many multicast 861 states in the core network. 863 11. IANA Considerations 865 This document includes no request to IANA. 867 12. References 869 12.1. Normative References 871 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 872 Requirement Levels", BCP 14, RFC 2119, 873 DOI 10.17487/RFC2119, March 1997, 874 . 876 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 877 Architecture", RFC 4291, DOI 10.17487/RFC4291, February 878 2006, . 880 [RFC4301] Kent, S. and K. Seo, "Security Architecture for the 881 Internet Protocol", RFC 4301, DOI 10.17487/RFC4301, 882 December 2005, . 884 [RFC4925] Li, X., Ed., Dawkins, S., Ed., Ward, D., Ed., and A. 885 Durand, Ed., "Softwire Problem Statement", RFC 4925, 886 DOI 10.17487/RFC4925, July 2007, 887 . 889 [RFC5565] Wu, J., Cui, Y., Metz, C., and E. Rosen, "Softwire Mesh 890 Framework", RFC 5565, DOI 10.17487/RFC5565, June 2009, 891 . 893 [RFC6052] Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X. 894 Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052, 895 DOI 10.17487/RFC6052, October 2010, 896 . 898 [RFC6513] Rosen, E., Ed. and R. Aggarwal, Ed., "Multicast in MPLS/ 899 BGP IP VPNs", RFC 6513, DOI 10.17487/RFC6513, February 900 2012, . 902 [RFC7761] Fenner, B., Handley, M., Holbrook, H., Kouvelas, I., 903 Parekh, R., Zhang, Z., and L. Zheng, "Protocol Independent 904 Multicast - Sparse Mode (PIM-SM): Protocol Specification 905 (Revised)", STD 83, RFC 7761, DOI 10.17487/RFC7761, March 906 2016, . 908 12.2. Informative References 910 [RFC7371] Boucadair, M. and S. Venaas, "Updates to the IPv6 911 Multicast Addressing Architecture", RFC 7371, 912 DOI 10.17487/RFC7371, September 2014, 913 . 915 Appendix A. Acknowledgements 917 Wenlong Chen, Xuan Chen, Alain Durand, Yiu Lee, Jacni Qin and Stig 918 Venaas provided useful input into this document. 920 Authors' Addresses 922 Mingwei Xu 923 Tsinghua University 924 Department of Computer Science, Tsinghua University 925 Beijing 100084 926 P.R. China 928 Phone: +86-10-6278-5822 929 Email: xmw@cernet.edu.cn 931 Yong Cui 932 Tsinghua University 933 Department of Computer Science, Tsinghua University 934 Beijing 100084 935 P.R. China 937 Phone: +86-10-6278-5822 938 Email: cuiyong@tsinghua.edu.cn 940 Jianping Wu 941 Tsinghua University 942 Department of Computer Science, Tsinghua University 943 Beijing 100084 944 P.R. China 946 Phone: +86-10-6278-5983 947 Email: jianping@cernet.edu.cn 948 Shu Yang 949 Tsinghua University 950 Graduate School at Shenzhen 951 Shenzhen 518055 952 P.R. China 954 Phone: +86-10-6278-5822 955 Email: yangshu@csnet1.cs.tsinghua.edu.cn 957 Chris Metz 958 Cisco Systems 959 170 West Tasman Drive 960 San Jose, CA 95134 961 USA 963 Phone: +1-408-525-3275 964 Email: chmetz@cisco.com 966 Greg Shepherd 967 Cisco Systems 968 170 West Tasman Drive 969 San Jose, CA 95134 970 USA 972 Phone: +1-541-912-9758 973 Email: shep@cisco.com